What is unsafe content?
UNSAFECONTENT is <script> or <style> elements (and a few others) on a wiki page. It may be directly entered into the HTML source, or generated by DekiScript. Due to security concerns, these elements are considered "unsafe", and special permission must be granted users to employ these elements.
If the wiki sees unsafe content that was not entered by an authorized user, it will take one of various actions, all of which add up to the same result: the code will not be included in the HTML that is output for the page, and the template will not work correctly.
Because many templates on the App Catalog employ unsafe content to do useful stuff, you need to be aware of how to avoid the potential installation gotchas.
See this page for further info on use of unsafe content.
Acquiring UNSAFECONTENT permission
The admins may grant UNSAFECONTENT permission to a user by either:
- assigning a user to a role that has that permission (perhaps a new role needs to be created for this), or
- adding UNSAFECONTENT permission to the user's current role (therefore also granting UNSAFECONTENT permission to all users of that role).
Using Templates which require UNSAFECONTENT permission
Many templates have a warning in their installation instructions to the effect that "UNSAFECONTENT" permission is required for this template". What this actually means is that, for the template to operate correctly, the user who last saves the template must have UNSAFECONTENT permission. In other words, it's not the user who's using the template, it's the user that saves it in the first place.
If your wiki restricts UNSAFECONTENT permissions to a limited group of users, that means that you should set your template permissions to semi-public, and allow write-access only to those users. Otherwise, a user without said permission could innocently correct a typo in the template, and by the act of resaving it, disable it from working.
If this happens, it may be fixed simply by having a user with UNSAFECONTENT permission edit and then save the template.
Template Self-Checking
Some templates may have a built-in check to verify that the template was saved with the correct permissions, and will output an error if not. Although this adds a bit of overhead to the template, it is desirable for those published on the App Catalog, to minimize the possibility of user error during installation. To implement this check in your code, simply insert the following in a separate DekiScript block at the very top of the template:
// This code checks if the template is properly installed for unsafe content execution,
// and may be removed if this check is not desired.
var chkunsafe = wiki.inclusions()[-1];
if (!wiki.pagepermissions(chkunsafe.id, chkunsafe.author.id).unsafecontent)
<div style="color:red; width:75%; padding:5px; border:1px solid red;">
"WARNING: The page '"..chkunsafe.path.."' must be re-saved by a user with UNSAFECONTENT permission in order to work correctly. ";
<a href="http://developer.mindtouch.com/DekiScript/FAQ/How_do_I...use_Templates_which_require_UNSAFECONTENT_permission"> "See this" </a>;
" for more info.";
</div>; 
